CVE-2011-4923
Published: 18 February 2012
Cross-site scripting (XSS) vulnerability in View.pm in BackupPC 3.0.0, 3.1.0, 3.2.0, 3.2.1, and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the num parameter in a view action to index.cgi, related to the log file viewer, a different vulnerability than CVE-2011-3361.
Priority
Status
Package | Release | Status |
---|---|---|
backuppc Launchpad, Ubuntu, Debian |
hardy |
Released
(3.0.0-4ubuntu1.3)
|
lucid |
Released
(3.1.0-9ubuntu1.2)
|
|
maverick |
Released
(3.1.0-9ubuntu2.2)
|
|
natty |
Released
(3.2.0-3ubuntu4.2)
|
|
oneiric |
Released
(3.2.1-1ubuntu1.1)
|
|
upstream |
Released
(3.2.1)
|
|
Patches: upstream: http://backuppc.cvs.sourceforge.net/viewvc/backuppc/BackupPC/lib/BackupPC/CGI/Browse.pm?r1=1.23&r2=1.24 |